cvelistv5 - cve-2008-5507

CVE-2008-5507 (GCVE-0-2008-5507)

Vulnerability from cvelistv5

Published

2008-12-17 23:00

Modified

2024-08-07 10:56

Severity ?

CWE

Summary

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

References

URL

Tags

	http://www.securityfocus.com/bid/32882	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/33408	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1697	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/690-3/	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/33205	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33421	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33232	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-1036.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2009/0977	vdb-entry, x_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376	vdb-entry, signature, x_refsource_OVAL
	http://www.ubuntu.com/usn/usn-690-2	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/archive/1/499353/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.ubuntu.com/usn/usn-701-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/33231	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:245	vendor-advisory, x_refsource_MANDRIVA
	https://usn.ubuntu.com/690-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=MDVSA-2009:012	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/33203	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33433	third-party-advisory, x_refsource_SECUNIA
	http://scary.beasts.org/security/CESA-2008-011.html	x_refsource_MISC
	http://www.debian.org/security/2009/dsa-1707	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/33216	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	vendor-advisory, x_refsource_SUNALERT
	http://www.securitytracker.com/id?1021423	vdb-entry, x_refsource_SECTRACK
	http://www.mozilla.org/security/announce/2008/mfsa2008-65.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-1037.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2009/dsa-1704	vendor-advisory, x_refsource_DEBIAN
	http://www.debian.org/security/2009/dsa-1696	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/33204	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-701-2	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/33184	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/47413	vdb-entry, x_refsource_XF
	http://www.redhat.com/support/errata/RHSA-2009-0002.html	vendor-advisory, x_refsource_REDHAT
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1	vendor-advisory, x_refsource_SUNALERT
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:244	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/33415	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33188	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33523	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/35080	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.mozilla.org/show_bug.cgi?id=461735	x_refsource_MISC
	http://secunia.com/advisories/33547	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33434	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33189	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/34501	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:47.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32882",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32882"
          },
          {
            "name": "33408",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33408"
          },
          {
            "name": "DSA-1697",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1697"
          },
          {
            "name": "USN-690-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/690-3/"
          },
          {
            "name": "33205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33205"
          },
          {
            "name": "33421",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33421"
          },
          {
            "name": "33232",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33232"
          },
          {
            "name": "RHSA-2008:1036",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html"
          },
          {
            "name": "ADV-2009-0977",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0977"
          },
          {
            "name": "oval:org.mitre.oval:def:9376",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376"
          },
          {
            "name": "USN-690-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-690-2"
          },
          {
            "name": "20081218 Firefox cross-domain text theft (CESA-2008-011)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/499353/100/0/threaded"
          },
          {
            "name": "USN-701-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-701-1"
          },
          {
            "name": "33231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33231"
          },
          {
            "name": "MDVSA-2008:245",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245"
          },
          {
            "name": "USN-690-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/690-1/"
          },
          {
            "name": "MDVSA-2009:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012"
          },
          {
            "name": "33203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33203"
          },
          {
            "name": "33433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33433"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scary.beasts.org/security/CESA-2008-011.html"
          },
          {
            "name": "DSA-1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1707"
          },
          {
            "name": "33216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33216"
          },
          {
            "name": "256408",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
          },
          {
            "name": "1021423",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-65.html"
          },
          {
            "name": "RHSA-2008:1037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html"
          },
          {
            "name": "DSA-1704",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1704"
          },
          {
            "name": "DSA-1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1696"
          },
          {
            "name": "33204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33204"
          },
          {
            "name": "USN-701-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-701-2"
          },
          {
            "name": "33184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33184"
          },
          {
            "name": "mozilla-javascripturl-infor-disclosure(47413)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47413"
          },
          {
            "name": "RHSA-2009:0002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html"
          },
          {
            "name": "258748",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1"
          },
          {
            "name": "MDVSA-2008:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244"
          },
          {
            "name": "33415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33415"
          },
          {
            "name": "33188",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33188"
          },
          {
            "name": "33523",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33523"
          },
          {
            "name": "35080",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35080"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=461735"
          },
          {
            "name": "33547",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33547"
          },
          {
            "name": "33434",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33434"
          },
          {
            "name": "33189",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33189"
          },
          {
            "name": "34501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34501"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "32882",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32882"
        },
        {
          "name": "33408",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33408"
        },
        {
          "name": "DSA-1697",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1697"
        },
        {
          "name": "USN-690-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/690-3/"
        },
        {
          "name": "33205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33205"
        },
        {
          "name": "33421",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33421"
        },
        {
          "name": "33232",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33232"
        },
        {
          "name": "RHSA-2008:1036",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html"
        },
        {
          "name": "ADV-2009-0977",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0977"
        },
        {
          "name": "oval:org.mitre.oval:def:9376",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376"
        },
        {
          "name": "USN-690-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-690-2"
        },
        {
          "name": "20081218 Firefox cross-domain text theft (CESA-2008-011)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/499353/100/0/threaded"
        },
        {
          "name": "USN-701-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-701-1"
        },
        {
          "name": "33231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33231"
        },
        {
          "name": "MDVSA-2008:245",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245"
        },
        {
          "name": "USN-690-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/690-1/"
        },
        {
          "name": "MDVSA-2009:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012"
        },
        {
          "name": "33203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33203"
        },
        {
          "name": "33433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33433"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scary.beasts.org/security/CESA-2008-011.html"
        },
        {
          "name": "DSA-1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1707"
        },
        {
          "name": "33216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33216"
        },
        {
          "name": "256408",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
        },
        {
          "name": "1021423",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-65.html"
        },
        {
          "name": "RHSA-2008:1037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html"
        },
        {
          "name": "DSA-1704",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1704"
        },
        {
          "name": "DSA-1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1696"
        },
        {
          "name": "33204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33204"
        },
        {
          "name": "USN-701-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-701-2"
        },
        {
          "name": "33184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33184"
        },
        {
          "name": "mozilla-javascripturl-infor-disclosure(47413)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47413"
        },
        {
          "name": "RHSA-2009:0002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html"
        },
        {
          "name": "258748",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1"
        },
        {
          "name": "MDVSA-2008:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244"
        },
        {
          "name": "33415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33415"
        },
        {
          "name": "33188",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33188"
        },
        {
          "name": "33523",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33523"
        },
        {
          "name": "35080",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35080"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=461735"
        },
        {
          "name": "33547",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33547"
        },
        {
          "name": "33434",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33434"
        },
        {
          "name": "33189",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33189"
        },
        {
          "name": "34501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34501"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-5507",
    "datePublished": "2008-12-17T23:00:00.000Z",
    "dateReserved": "2008-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:47.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-606

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Ces vulnérabilités peuvent être exploitées afin de réaliser un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été découvertes dans les produits Mozilla :

Firefox : : les vulnérabilités sont, pour la plupart, dues à une mauvaise gestion du langage Javascript. Ces vulnérabilités peuvent être exploitées afin, entre autre, de contourner la politique de sécurité, réaliser une injection de code indirecte, ou d'exécuter du code arbitraire à distance.

Thunderbird : : l'exploitation des vulnérabilités découvertes permet d'accéder à des informations sensibles, de conduire des attaques par injection de code indirecte, ou d'exécuter du code arbitraire à distance.

SeaMonkey : : l'exploitation des vulnérabilités découvertes permet d'accéder à des informations sensibles, de conduire des attaques par injection de code indirecte, ou d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La nouvelle version de Thunderbird n'est pas encore disponible. En attendant, le CERTA recommande d'utiliser un client de messagerie alternatif.

None

Impacted products

Vendor	Product	Description
Mozilla	N/A	Mozilla SeaMonkey versions inférieures à la version 1.1.14.
Mozilla	Firefox	Mozilla Firefox versions inférieures à la version 3.0.5 ;
Mozilla	Thunderbird	Mozilla Thunderbird versions inférieures à la version 2.0.0.19 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted